MFA & Other Special Authentication Flows

MFA methods used by providers supported by Deck Link

Most utility providers use standard connection flows, typically requiring a username and password. However, some providers implement more complex authentication methods to enhance security. Deck Link is designed to seamlessly support each of these unique connection flows, ensuring smooth access to data regardless of the provider’s authentication requirements.

Deck Link supports all MFA flows out-of-the-box, with the user able to stay within the Deck Link experience. You don’t need to configure anything extra for our widget to handle multifactor authentication seamlessly.

One Time Passcode (OTP)

Description: A two-factor authentication method where the user selects a phone number and an action (text or call) to receive a security code. The user must then enter this code to complete the authentication process.

Email One Time Passcode (Email OTP)

Description: In this flow, a one-time passcode is sent to the user’s registered email address. The user must retrieve the code from their email and enter it to complete the authentication process. This adds an extra layer of security by ensuring that only someone with access to the registered email account can proceed.

Trusted Device or Push Notification flow

Description: Certain providers adopt this MFA method for users who frequently access their accounts from smartphones or other trusted devices.

Questions + Image Selection MFA

Description: Used by utility providers that require a visual confirmation step after the user answers security questions.

Standard MFA Question

Description: A standard MFA (Multi-Factor Authentication) question is a security measure that requires users to answer a predefined question to verify their identity. These questions are typically based on personal information that only the user should know, providing an additional layer of security beyond passwords. This form of authentication is used to confirm the user’s identity when accessing sensitive accounts.

Example Question:
“What was the name of your first pet?”

Iterable MFA Questions

Description: Iterable MFA questions are used when providers need to refresh or reset the user’s security questions during the login process, ensuring credentials remain current and secure. This often occurs after a certain number of incorrect login attempts followed by a successful one, or periodically as a security measure. Users are prompted to create new answers or adjust existing ones to align with updated security protocols.

Example Scenario:
During a login attempt, the user is prompted with the message: “For security reasons, please update your security questions.” The user is then guided through a series of questions that may include:

• Question: “What was the model of your first car?”
• Action Required: The user must provide an answer that matches their previous response or, if updating, set a new answer.
• Question: “Select your favorite color from the options below: Red, Blue, Green, Yellow.”
• Action Required: The user must choose the correct option, and if updating, they may select a new preferred answer.

Reset Upon Login MFA

Description: Similar to the Iterable MFA Questions, this flow happens when the user incorrectly answers their MFA question 3 times in their latest login attempt.

The client will first have to confirm their identity by answering a question only they should know the answer to. After this successful confirmation, the client must create a new set of 3 questions and answers. Here are all the possible types of questions:

• QuestionAndAnswer with Prompt
• MultipleChoice with Iterables
• MultipleChoiceMultipleAnswers with Iterables
• QuestionAndAnswer with Iterables


Visual Flow with OTP

The flow includes the following steps, which appear in images below:

  1. Consent
  2. Provider selection
  3. Authentication
  4. MFA
  5. Success
